CSC348 – Data Security and Encryption


CSC348 – Data Security and Encryption Dr. Adnan Ahmad AdnanAhmad@ciitlahore.edu.pk

Basic Concepts

Something to worry about
Trust
- An extremely important security concept
- You do certain things for those you trust
- You don’t do them for those you don’t
- Seems simple, ???
Problems with trust
- How do you express trust?
- Why do you trust something?
- How can you be sure who you’re dealing with?
- What if trust is situational?
- What if trust changes?

Something to worry about
Symmetric Trust
- Alice trusts Bob ?

Something to worry about
Transitive Trust
- Alice trusts Bob ?
- Bob trusts Carol
- Carol trusts David

Absolute Security vs Absolute Access
- It's very important to understand that in security, one simply cannot say "what's the best firewall?"
- There are two extremes: absolute security and absolute access
- The closest we can get to an absolutely secure machine is one unplugged from the network, powered off, locked in a safe
- Unfortunately, it isn't useful in this state

Absolute Security vs Absolute Access
- A machine with absolute access is extremely convenient to use: it's simply there, and will do whatever you tell it, without questions, authorization, passwords, or any other mechanism
- Unfortunately, this isn't practical, either
- The internet is a bad neighborhood now, and it isn't long before some bonehead will tell the computer to do something like self-destruct, after which, it isn't useful to you

Network Security – First Concepts
- Security thus depends on the policies we define and the decisions we take
- This is no different from our daily lives
- We constantly make decisions about what risks we're willing to accept
- When we get in a car and drive to work, there's a certain risk that we're taking
- It's possible that something completely out of control will cause us to become part of an accident on the highway
- When we get on an airplane, we're accepting the level of risk involved as the price of convenience

Network Security – First Concepts
- However, we have a mental picture of what an acceptable risk is, and won't go beyond that in most circumstances
- If I happen to be upstairs at home, and want to leave for work, I'm not going to jump out the window
- Yes, it would be more convenient, but the risk of injury outweighs the advantage of convenience

Network Security – First Concepts
- Every organization needs to decide for itself where between the two extremes of total security and total access it needs to be
- A policy needs to articulate this, and then define how that will be enforced with practices and such
- Everything that is done in the name of security, then, must enforce that policy uniformly

Cost benefit analysis
- A database that provides salary information to a second system that prints checks. Huge financial loss
- A company has several branch offices and each downloads the database copy daily. The branch office uses the database to recommend the salary, but the main office uses the original database for the final calculations. Recoverable !

Some Rational Thinking !
Consider a company where 10000 documents are processed per month with no security mechanism. Security breaches occur about twice per month, and almost 100 documents are compromised per breach. The administrator needs to restart the processing of the breached documents. Each document’s processing is worth about $20, and the documents compromised tend to be about half processed when they are restarted. If some security mechanism is installed, it will increase the average processing cost by about 1% for all the documents. Should the company install the security mechanism?

Key Security Concepts
Security Goals (the CIA triad)
- Confidentiality
- Integrity
- Availability

Key Security Concepts
Confidentiality: only sender, intended receiver should “understand” message contents
- Covers both data confidentiality and privacy
- Data confidentiality: assures that confidential information is not disclosed to unauthorized individuals
- Privacy: assures that individuals control the information related to them
  - What may be collected and stored, and by whom
  - To whom that information may be disclosed

Key Security Concepts
Confidentiality: Student grade information is an asset whose confidentiality is considered to be highly important by students.
- United States: Family Educational Rights and Privacy Act (FERPA)
- Grade information (high rating)
  - Available to students, their parents, and employees that require the information to do their job
- Student enrollment information (moderate rating)
  - Less likely to be targeted than grade information
  - Results in less damage if disclosed
- Directory information (lists of students/faculty) (low rating)
  - Typically freely available to the public and published on a school’s Web site

Key Security Concepts
Integrity: sender and receiver want to ensure that the message is not altered (in transit, or afterwards) without detection, and want to be able to prove that the sender did, in fact, send the message
- Covers both data and system integrity
- Data integrity: assures that information and programs are changed only in a specified and authorized manner
- System integrity: assures that a system performs its intended function in an unimpaired (perfect) manner, free from deliberate or unauthorized manipulation of the system

Key Security Concepts
Integrity: Hospital patient’s allergy information database
- High requirement for integrity
- The doctor should be able to trust that the information is correct and current
- Inaccurate information could result in serious harm or death to a patient and expose the hospital/doctor to massive liability
- If an employee (e.g., a nurse) authorized to view/update this information deliberately falsifies the data to cause harm to the hospital/patient/doctor, the database needs to be restored to a trusted basis quickly, and it should be possible to trace the error back to the person responsible

Key Security Concepts
Integrity: Web site that offers a forum to registered users to discuss some specific topic
- Moderate level of integrity
- Either a registered user or a hacker could falsify some entries or deface the Web site
- If the forum exists only for the enjoyment of the users, brings in little or no advertising revenue, and is not used for something important such as research, then potential damage is not severe
- The Web master may experience some data, financial, and time loss

Key Security Concepts
Integrity: An anonymous online poll
- Low integrity requirement
- Many Web sites, such as news organizations, offer these polls to their users with very few safeguards
- However, the inaccuracy and unscientific nature of such polls is well understood

Key Security Concepts
Availability: services must be accessible and available to properly authorized users
- Ensuring timely and reliable access to and use of information

Key Security Concepts
Availability: the more critical a component or service, the higher the level of availability required
- Consider a system that provides authentication services for critical systems, applications, and devices
- An interruption of service results in the inability for customers to access computing resources and staff to access the resources they need to perform critical tasks
- The loss of the service translates into a large financial loss in lost employee productivity and potential customer loss
- Facebook loses $24,420 per minute if it goes down

Key Security Concepts
Availability: Public Web site for a university
- Moderate availability requirement
- The Web site provides information for current and prospective students and donors
- Such a site is not a critical component of the university’s information system, but its unavailability will cause some embarrassment

Key Security Concepts
Availability: An online telephone directory lookup application
- Low availability requirement
- Although the temporary loss of the application may be an annoyance, there are other ways to access the information, such as a hardcopy directory or the operator

Some additional concepts
Authenticity: the property of being genuine and being able to be verified and trusted; confidence in the validity of a transmission, a message, or message originator
- This means verifying that users are who they say they are and that each input arriving at the system came from a trusted source
Accountability: actions of an entity should be traced uniquely to that entity
- This supports nonrepudiation, fault isolation, intrusion detection and prevention, and after-action recovery and legal action
- Since secure systems are not yet an achievable goal, we must be able to trace a security breach to a responsible party

Key Security Concepts
Types of Attacks
Passive Attack
- Make use of information, but not affect system resources, e.g.
  - Release message contents
  - Traffic analysis
- Relatively hard to detect, but easier to prevent
Active Attack
- Alter system resources or operation, e.g.
  - Masquerade
  - Replay
  - Modification
  - Denial of service
- Relatively hard to prevent, but easier to detect

Key Security Concepts: Release message contents – Passive Attack (figure)

Key Security Concepts: Traffic analysis – Passive Attack (figure)

Key Security Concepts: Masquerade – Active Attack (figure)

Key Security Concepts: Replay – Active Attack (figure)

Key Security Concepts: Modification – Active Attack (figure)

Key Security Concepts: Denial of service – Active Attack (figure)

Types of Attacks

Anatomy of a Buffer Overflow
- Buffer: memory used to store user input, has fixed maximum size
- Buffer overflow: when user input exceeds max buffer size
- Extra input goes into memory locations

An Example

Smashing The Stack For Fun And Profit http://www-inst.eecs.berkeley.edu/~cs161/fa08/papers/stack_smashing.pdf

Solution: Defensive Programming
- Never Trust Input
- Always check buffer lengths
- Prevent Errors
- Fail Early And Openly
- Document Assumptions
- Prevention Over Documentation
- Automate Everything
- Simplify And Clarify
- Question Authority
~ Learn C The Hard Way

This never happens!

Static Analysis Tools
- Static analysis: analyzing programs without running them
- Meta-level compilation
  - Find security, synchronization, and memory bugs
  - Detect frequent code patterns/idioms and flag code anomalies that don’t fit
- Ex: Coverity, Fortify, Ounce Labs, Klocwork
- Coverity found bugs in Linux device drivers
- Lots of tools to look for security bugs in Web code

Summary of Buffer overflow
- Buffer overflows most common security threat!
- Used in many worms such as Morris Worm
- Affects both stacks and heaps
- Attacker can run desired code, hijack program execution and change its behavior
- Prevent by bounds-checking all buffers
- And/or use StackGuard, Static Analysis…
- Type of memory corruption; others: Format String Vulnerabilities, Integer Overflow, etc…
Further Reading
- “Low-Level Software Security by Example” by Ulfar Erlingsson, Yves Younan, and Frank Piessens
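The bounds-checking called for in the summary, as an added example that is not part of the original slides: an unchecked copy beside a checked one, plus a length test written so that the integer overflow named above cannot defeat it. The names NAME_BUF_SIZE, store_name_checked and join_checked are hypothetical, and the sample inputs are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_BUF_SIZE 16  /* fixed maximum buffer size (constructed value) */

enum copy_status { COPY_OK = 0, COPY_BAD_ARG = -1, COPY_TOO_LONG = -2 };

/* Unsafe pattern, for contrast only and never called here: strcpy() copies
 * until it meets a NUL byte, so input longer than the buffer is written into
 * the memory locations that follow it. */
void store_name_unsafe(char *dst, const char *input)
{
    strcpy(dst, input);
}

/* Bounds-checked copy: measure the input against the buffer size before
 * writing, and reject oversized input instead of silently truncating it. */
enum copy_status store_name_checked(char *dst, size_t dst_size, const char *input)
{
    size_t len = 0;
    if (dst == NULL || dst_size == 0 || input == NULL)
        return COPY_BAD_ARG;
    dst[0] = '\0';                       /* defined contents on every path */
    while (len < dst_size && input[len] != '\0')
        len++;
    if (len == dst_size)                 /* no room left for the terminator */
        return COPY_TOO_LONG;
    memcpy(dst, input, len + 1);         /* len + 1 <= dst_size */
    return COPY_OK;
}

/* Joining two fields whose lengths come from the input. A naive test such as
 * (a_len + b_len + 1 <= dst_size) can wrap around (integer overflow) and
 * pass for huge lengths, so each length is compared by subtraction. */
enum copy_status join_checked(char *dst, size_t dst_size,
                              const char *a, size_t a_len,
                              const char *b, size_t b_len)
{
    if (dst == NULL || dst_size == 0 || a == NULL || b == NULL)
        return COPY_BAD_ARG;
    dst[0] = '\0';
    if (a_len >= dst_size || b_len >= dst_size - a_len)
        return COPY_TOO_LONG;
    memcpy(dst, a, a_len);
    memcpy(dst + a_len, b, b_len);
    dst[a_len + b_len] = '\0';
    return COPY_OK;
}

int main(void)
{
    char name[NAME_BUF_SIZE];
    printf("%d\n", store_name_checked(name, sizeof name, "alice"));
    printf("%d\n", store_name_checked(name, sizeof name, "a-name-longer-than-16"));
    printf("%d\n", join_checked(name, sizeof name, "ab", SIZE_MAX, "cd", 2));
    return 0;
}
```

Both checked functions leave the destination as an empty string when they refuse the input, so a caller that ignores the status code still never reads stale or partial data.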

Key Security Concepts
Security Services
- Authentication: assure that the communicating entity is the one that it claims to be
- Access Control: prevent unauthorized use of a resource
- Data Confidentiality: protect data from unauthorized disclosure
- Data Integrity: assure data received are exactly as sent by authorized entity
- Nonrepudiation: protect against denial by one of the entities involved in a communication of having participated in the communication
- Availability: system is accessible and usable on demand by authorized users according to intended goal

Key Security Concepts
- Alice and Bob are the two most famous persons in network security
- They are used everywhere
- Alice and Bob want to communicate “securely”
- Trudy (intruder) may interrupt, intercept, modify, fabricate and so on, to disrupt their communications

Key Security Concepts
Who might Alice and Bob be?
- Well, real-life Alice(s) and Bob(s)!
- Web browser/server for electronic transactions (e.g., on-line purchases)
- On-line banking client/server
- DNS servers
- Routers exchanging routing table updates
- Other examples?

Key Security Concepts
Question: What could Trudy do in this case?
Answer: Unfortunately, a lot!
- Interruption: Somehow disrupt the service being provided by the network to Alice and Bob
- Interception: Eavesdrop on communication meant to be private or confidential
- Modification: Tamper with information or network resources
- Fabrication: Counterfeit information or network resources or services are inserted into the network

Key Security Concepts
How can we protect ourselves from these attacks?
- Interruption attacks: Firewalls, replication, backups, hardware appliances
- Interception attacks: Encryption, traffic padding
- Modification attacks: Encryption, traffic padding, backups, messaging techniques (checksums, sequence numbers, digests, authentication codes)
- Fabrication attacks: Authentication and authorization, firewalls, digital signatures

Key Security Concepts
- Security is a policy, protection is a mechanism
- Protection mechanisms implement security policies
- Vulnerability is a weakness that can allow an attacker to cause problems
- Exploit is an actual incident of taking advantage of a vulnerability

Key Security Concepts
- Virus is a potentially damaging computer program (code) that can spread and damage files. It attaches itself to programs, disks, or memory to propagate itself
- Worm copies itself repeatedly, using up resources and possibly shutting down computer or network
- Trojan horse hides within or looks like a legitimate program until triggered, does not replicate itself on other computers
- Spyware is a program placed on a computer without the user’s knowledge that collects personal information
- Adware is a program that displays online advertisements
- Spam is an unsolicited e-mail message sent to many recipients

Key Security Concepts
- Hoax uses emotion to propagate, e.g., child's last wish
- Trap door is an undocumented entry point for debugging purposes
- Logic bomb is a set of instructions that trigger on some event in the future
- Zombie is a set of malicious instructions that can be triggered remotely
- Phishing is a scam in which a perpetrator sends an official-looking e-mail that attempts to obtain your personal information
